91 comments

[ 3.0 ms ] story [ 157 ms ] thread
There is something interesting happening in the media in relation to hackers and I think that is evident by the fact that this article refers to white hats as "anti hackers". To me, that is a deliberate separation that is intended to hide the good that hackers do.
I'd read 'anti-hackers' just like someone who was described as 'anti-war'. On the plus side at least they're starting to understand that not all hackers are bad?
Never attribute to malice what can be just as easily attributed to stupidity.

Largely outside of the hacker community, the true definition of hacker is lost. If you only look at popular culture there aren't a lot of in-roads to the correct definition of hacking. Therefore how would the average person know?

Interesting take here: "Never attribute to malice what can be just as easily attributed to stupidity."

I think there is much truth to your sentiment. My only qualm would be applying it universally. I am sure there is malice in the world that is masked as stupidity.

To apply something universally is idiotic and short sighed at best. No philosophy applies everywhere, and in every case. Only though understanding the events around you can you formulate a correct assessment.

This grew out of Enlightenment thinking in the 18th century. And its why our modern courts have such foundation on understanding the circumstances, evidence, etc. Also why we have "degrees" of murder.

I agree that acts attributed to malice, often, are merely manifestations of ignorance. The use of "anti hackers" in this article may in fact be one of these manifestations but I am hesitant to say "Never attribute to malice what can be just as easily attributed to stupidity." as you had initially suggested. It's just the word "never" that does not sit well with me. Your most recent comment seems to share this position, so it appears we agree.
We do. I was just using a quote to express my opinion on the matter.
I actually think the term anti-hacker is great! For years hackers complained about their negative image, and failed to explain the "real" meaning of the word. Now there's a pragmatic solution: just call yourself an anti-hacker! Instant credibility!
So what about dark skinned Americans calling themselves anti-blacks? Or perhaps feminists calling themselves anti-women? It promotes a point of view that is incorrect. Just because someone uses a lock pick to break into a home does not make all locksmiths criminals. I think using the term "anti hacker" in place of "white hat hacker" is indicative that a "hacker" is bad when in fact the "anti-hacker" is a "hacker".
> So what about dark skinned Americans calling themselves anti-blacks?

That would often be true, though not in a way analogous to the topic under discussion. Blacks aren't the only darker-skinned people in America, and Black vs. White isn't the only divide along which racism occurs in America.

You are missing my point. The issue is that there are two different meanings of the word hacker. Nobody disputes the meaning of "woman" or "black".

To the general public, a hacker is someone who breaks into a computer system with bad intentions.

We are offended because the general public doesn't understand that we mean something different with the term "hacker".

I'm suggesting to just adopt the meaning of the word that the general public uses, especially when talking to the general public. This way we can avoid misunderstandings.

However, it would be even better to just use more specific terms. "Hacker" is such a catch-all term with different meanings for everyone.

For example: If someone performs an elaborate practical joke, call them a "prankster" instead of "hacker". When you talk about a lab with a bunch of 3D printers, call it a "makerspace" instead of "hackerspace". And when you quote someone about the latest vulnerabilities in OpenSSL, just call them a "security expert".

No one will be offended, everyone will understand what you are trying to say, problem solved.

But I understand that many hackers like to call themselves hackers, and they like the secretive-undergroundish tone that comes with it, and they will continue to use it and they'll continue to be offended when mainstream media use the term in a different way.

> Nobody disputes the meaning of "woman" or "black".

Well, except that the meanings of both "woman" and "black" are very much debated.

In both cases, the main debate is between personal self-identification and some form of externally imposed, notionally objective rule (for "woman" gender identity versus various definitions of "biological sex" [in quotes because while they are various biological sex-related features, they don't all actually necessarily line up with each other], for "black" racial identity versus external ancestry-based criteria like the "one-drop rule".)

I love comments about the "anti-hacker community" though the underlying link to marco's blog (as this entire article is just commentary on original source material) http://marcrogers.org/2014/12/21/why-i-still-dont-think-its-... gives his entire opinion.

I dont think its news to most of us here that the NK connection to the hack is circumstantial; Sony's security has been penetrated by non-state actors before, and without a lot of effort from what I can tell.

North Korea could produce evidence definitely proving they had nothing to with it and it would still be dismissed as propaganda. The number of people who believe that north Koreans are all brainwashed, and yet will accept unquestioningly all of this crap made up about NK is astounding.

Do people /honestly/ think that they have to have haircuts "in line with a socialist lifestyle"? Even after their national TV network reported that it was slander?

Regardless of what you think about NK, it's a product of the circumstances that led to its creation, and it's a bit rich for the American government in particular to say these kinds of things about NK.

What sort of evidence, in this case and in general, proves a negative?
Exactly the point I was going to make. Why is the burden of proof on the accused to prove they are innocent?
"Do people /honestly/ think that they have to have haircuts "in line with a socialist lifestyle"? "

My father grew up in communist Bulgaria and long hair was prohibited. I don't doubt that long hair and extreme hairstyles are also prohibited in North Korea.

(comment deleted)
>Do people /honestly/ think that they have to have haircuts "in line with a socialist lifestyle"?

Yes. [0],[1]

>Even after their national TV network reported that it was slander?

Setting aside the implicit credibility you're ascribing to North Korea, I think you may have been confused with another story. [2]

>Regardless of what you think about NK, it's a product of the circumstances that led to its creation, and it's a bit rich for the American government in particular to say these kinds of things about NK.

I agree, the US clearly does not have the moral standing to sully North Korea's good name with accusations so serious as computer hacking. [3]

---

[0] http://news.bbc.co.uk/2/hi/asia-pacific/4157121.stm

[1] http://en.wikipedia.org/wiki/Let%27s_trim_our_hair_in_accord...

[2] http://www.washingtonpost.com/blogs/worldviews/wp/2014/03/26...

[3] http://en.wikipedia.org/wiki/Yodok_concentration_camp

The US appointed a puppet dictator (Syngman Rhee) who authorised the torture and extermination of people for the crime of being a communist. They also destroyed every single building in the North (not hyperbole, literally every single building). Add to that the continued war games along the border and off the north Korean coast and constant slander.

And I hate to resort to whataboutery, but let's not forget Guantanamo Bay and the recently released reports about the US's torturing of prisoners.

As I said, believe what you want about NK, but their current situation did not develop in a vacuum.

Regardless if North Korea's existence is a product of errors in US foreign policy of the era, I fail to see how that warrants defending North Korea, much less arguing that the US is somehow just as bad.

As far as Guantanamo Bay, I don't agree with torture in any form and believe the detention facility there should not exist.

That said, something like Yodok isn't really on the same plane of existence. I would class it as somewhere in between the Nazi concentration camps of WW2 and Unit 731's atrocities. Guantanamo Bay may as well be Club Med compared to that level of sadism and suffering.

Although I don't like to believe everything the government says (and I have no idea whether they are correct or not in this situation) please stop turning HN into conspiracy theory central. The last week has seen a few of these 'experts debunk North Korea theory' on the front page every day. Due to the fact the FBI has withheld some of their evidence from the public we won't know. Unless we can see all of the evidence we won't know their reasoning. If the US was threatening war with NK over this I would be much more worried and glad to see these posts but considering the only action they are even considering is putting NK on a 'terrorism list' they probably aren't all that confident in their own evidence never mind the stuff they've made public.

I guess my point is please stop posting this stuff. Whenever anything newsworthy happens the 'experts' (in any field) come out in force debunking stuff when they don't have all the evidence. It drives me nuts. I know this is a community and if people find it interesting it'll end up on the front page - that's fine, it's just getting a little annoying.

I don't think they're "debunking" anything as much as asking certain questions that lots of people have.

I think it's worth having that discussion. Nobody is proposing any conspiracies - just due diligence.

Of course, but the discussion has taken places several posts per day for the last week. Unless the FBI releases more information or Sony releases more information there's likely nothing new to discover.
Haven't those discussions been largely mixes of new people? I think it's fair for the people who didn't get a chance to weigh in the first time to have their own deliberation about it.
But you don't understand, once it's been posted it never needs to be discussed ever again. If you didn't read it the first time then tough luck. My theory is the half-life of a subject is ten years before absolutely no one is bothered about it being discussed again.
I understand and I disagree with this sentiment wholeheartedly.
I can cheerfully discuss the same subject ten times in a row on the same evidence, reach a different conclusion each time and still consider the exercise worthwhile.
I'm pretty sure this is sarcasm.
I didn't consider that. I hope so.
It is indeed sarcasm.

This is one of my pet peeves on sites like this, the assumption that if a story was discussed once then everyone for all time can just refer to the appropriate thread and heaven forbid an alternate thread pop up. It's as if having a different discussion at the same time or at some point later by people who have not heard of the story before and most likely have no clue the previous thread exists is a serious problem.

Thank you. I know that feel. As for the OP : it's probably Russia, pretending to be Chinese hackers working out of North Korea. Destabilization indeed. North Korea's 1000 IP internet (seriously, their whole country, USA has almost 1billion IPs) was shut down for a long time recently. Things are moving! Speculate! Speculate! Speculate!
Moreover, there's nothing wrong with proposing conspiracies, given that clandestine operations have been sort of essential throughout world history. Once they become historical fact though, people simply cease thinking of them as "conspiracies" due to the tainted meanings the word evokes.

It's really strange, actually. In secondary school history you see a trend of authoritarianism being the most widespread form of governmental structure, yet for some reason we've been told to accept that during the past few decades the world leaders all had a change of heart and first world governments suddenly became all benevolent.

Or maybe it's a US-specific thing related to their sense of exceptionalism.

I take the complete opposite approach. It sounds more like a conspiracy theory to take the FBI's word on this without significant evidence. Just like with any other alleged crime, the skeptical view (innocent until proven guilty) is best.
you have no right to question the question
The skeptical view is to say "I don't know" until you have enough evidence to know. Innocent until proven guilty is how the courts operate, it's not a guide to skepticism. The skeptic's reaction to an alleged crime without sufficient evidence to prove innocence or guilt should be, "I don't know."

Many (most? all?) of the contrarians on this issue are basically saying, the FBI can't be trusted, and they are wrong. That's not skepticism, that's just being contrary.

The reason to not buy the claim is that tracking down hackers is an extremely difficult task.

North Korea is a "best bet" to report, much like the previous "Google Hacks" were probably China. But in the world of hacking, you never really know.

The FBI having "proof" that they can't disclose is just as good as nothing, you can pretty much do any claim as long as you can just say that you can't disclose all information.

Please, this is the same people who said Iraq had nuclear guns, a much more serious claim.

I think it's a bit hyperbolic to color the recent HN posts as "conspiracy theories." While I don't find them persuasive, the posts I've read have simply been honest attempts to evaluate the public claims implicating North Korea.

What I do find interesting and objectionable, though, is that these articles have, in my view, been of uncharacteristically low quality. Ironically, it would seem that the collective HN wisdom and skepticism becomes dormant when confronted with an article seeming to confirm their antecedent skepticism towards the U.S. government.

I know I was being hyperbolic. You nailed it in your second paragraph - that's my problem. Several posts per day regurgitating what was posted yesterday. Until we have more information from Sony, the FBI, or the hackers I wouldn't mind not seeing these posts from 'experts'. Trust me, I'm always skeptical of the Us government. I don't know whether to believe them or not in this instance. But these posts are just getting irritating.
I think denials of state actor hacking is bewildering. Its seem more credulous that a previously unknown hacker group (the GOP? Really?) suddenly take down Sony in such an elaborate fashion, especially when a movie literally protraying the murder of NKorea's leader is about to be released (In June N Korea vowed to "mercilessly destroy" anyone involved with The Interview.) Groups like the Lizard Squad who perform Sony attacks tend to have a history and reputation. This group has no history. That itself should be a huge mark against those who go against the FBI's claim.

Not to mention we have a massive history of NK and Chinese cyberwars against the west. Often both countries working hand in hand, with the NK hacker team reported to be headquartered in a hotel in a Chinese city under the auspices of the Chinese government. Shenzhen I believe.

I think a lot of this "debate" is centered on how people feel about the USG and specifically its foreign policy. I think a lot of black-hat and grey-hats tend to idealize autocratic regimes like Russia, China, N Korea, Syria, Iran, etc because they are "counters" to US foreign policy, so they often will take an anti-US spin on things. This isn't technology or informed commentary. Its just the same lazy outrage politics that has taken over any other type of discourse on the internet. From a rational perspective, this attack obviously points to the NK regime. Its fits their MO, their history, and, if we take the FBI's claims as true, their technology and capabilities.

The same way many anti-US/anti-Western commentators were telling us that those weren't Putin's troops in Crimea or in Eastern Ukraine. They kept saying "more proof" when it was obvious no amount of proof would convince them. They just had an anti-US bone to pick and liked the attention of being contrarian.

I also think its emotionally comforting to pretend there isn't a massive multi-party cyberwar going on, all the time. I think people want to believe its just some bad apples, not nation states and their leadership ordering attacks left and right, with impunity. Its a little scary to think what is possible from a determined attacker and how little of our industry and practices are focused on security.

Have you missed the Lulzsec series of hacks against Sony? Lulz It's not like they hacked Google here. Sony probably had lower security standards than your average start-up company. And their first request was a money reward, not to stop the movie from being published.

Also the US gov and its intelligence agencies have earned their share of distrust here. I would be more worried if HN as a whole would automatically trust the US intelligence agencies after all of their lies from the past two years. The US agencies are like the boy that cried wolf. If they want us to trust them when something actually happened, then they should stop lying all the other times, too.

All actions have consequences, but the US gov has acted way too many times as if they do not. The recent execution of the two cops is also a consequence of the US gov acting lawlessly and saving their murderous cops from prosecution. I have no doubt the person that did it had mental issues, but I don't think he would've gone and executed two cops without the murderous cops being saved from justice by the US government (two times too many).

Weapons of mass destruction, Syrian rebels, CIA torture, Snowden is a traitor, the Wikileaks suppression, ...

I think that it's not entirely irrational to believe the opposite of whatever USG says about foreign policy.

I would second this. I think everyone wants to believe that the U.S. Government is trustworthy and that they stand for what is morally right... but the definition of madness is to continue doing the same thing and expecting different results. Too much has gone on in recent history that shows the Government is not trustworthy. You can't expect to keep being caught betraying the trust of your countrymen and expect them to continue trusting what you have to say.

Whether this is North Korea or not, the fact is, the only information appearing to confirm that has thus far appeared to come from or have perhaps been coerced by the Government... given the Government has proven themselves time and again not to be trusted, what are we supposed to believe? Is it North Korea? Is the evidence credible? Has it been fabricated?

What are we supposed to think?

What about the many correct statements they've made over the years?

Sometimes they lie. Sometimes they're innocently wrong. Sometimes they're right. It is irrational to knee-jerk believe the opposite of what they say just because they're sometimes lying or wrong.

If you don't trust them, fine. I don't trust them either. But that means that you should evaluate for yourself, not simply believe the opposite of what they say.

It's not the local Scientology Society, it's the USG, the most powerful and lethal organization on Earth. They might usually be "innocently wrong", but sometimes they're wrong and thousands of people die. I'm aiming at those occasions. Same reason I oppose death penalty, you never know if the person is really guilty, so you shouldn't kill them, just to be safe.
Rather than believe or disbelieve them, you can weight them instead.

Which leads us to an interesting question.

What weighting should be given to unsubstantiated claims from the FBI?

They don't exactly have an unblemished record for accuracy, so it is tempting to weight them negatively.

I guess I probably weight them slightly positively, but not by very much at all, which is why I am taking the opinions of independent security professionals over the FBI on this.

You have to remember though that they're a political party - they say what it is politically advantageous for them to say, or what they can spin it to look like. There is no black and white nor right or wrong in their eyes, only angles, spin and PR. How true they are being at any given time depends only on how they can use it to their advantage. If it is politically advantageous to tell the truth, they will do so, if it is politically advantageous to distract from, cover up or lie about, they they will equally do so. You can't trust them, all you can trust is if their angle currently aligns with your goals.

This is how dishonest bills get piggybacked through while everyone is looking in the wrong direction, this is why political arrests are made, this is why the Government backtracks on Whistleblower protections and they condemn countries that use torture to achieve their ends... until they themselves are caught doing it, only to throw their hands up and say "Hey, it was necessary!" You can't have your cake and eat it too.

Life isn't black and white, it's grey. Nobody is innocent, everyone has capability of good and evil (if you choose to look at it that way). But when you can only trust someone as far as their political agenda, how do you know when to trust them and when not to?

I agree with your point though of not automatically believing or disbelieving in what they have to say, you have to look at whether it is more politically advantageous to be truthful or deceitful... but with more and more information coming out that shows the level of their deceit, you have to wonder if anything they say is true or if it's all spun for political advantage.

I argued here that it may be NK: https://news.ycombinator.com/item?id=8765292

But I don't think I can agree with your comment. Whether the group in question is new or has a new moniker I don't think says anything about whether NK was behind this.

Because of the strange evolution of the case (first demanding ransom) it's pretty clear that the identities of the hackers have looked to be different groups with different goals. There is either collusion or there is a false flag:

A.) #GOP is a false flag operation for NK state controlled or sponsored attacks (this has been done before by other states - e.g. SEA)

B.) NK is a false flag used by #GOP for lulz or to confuse law enforcement/forensics (this has been done before by other hackers - e.g. Gary McKinnon)

C.) There is a real group #GOP active in the East (why we haven't heard of them) who either hacked Sony in isolation and then got NK support or was encouraged but not propositioned by NK to perform the compromise in the first place

My bets are currently on C, as the objective of the hack changed a week after ransom was not provided and because from what I can tell the tools that are purported to be state sponsored only appeared some time after the initial compromise and along with the change in demands.

Many good questions are raised by critics of the FBI's published evidence. That isn't outrage politics. I don't think that "from a rational perspective... obviously points to NK" - and I think you would have a lot of difficulty defending the case that you are the one with the access to the 'rational perspective'. (It's sophistry to speak in terms of authority like that, without providing an argument that stands on its own...)

Re: troops in Crimea. It most certainly was some of Putin's troops in support of East Ukrainian separatists. What isn't seen is the 'pro-West' (?) side admitting to the equivalent - NATO troops and supplies supporting West Ukrainian separatists. Or the conversation include the discussions about the European presence at the protests and riots, the aggressive financial deal that the EU knew could/would split the country, EU membership offer, and leaked audio plans to 'select' a pro-West Ukrainian presidential candidate. Russia isn't innocent and neither is the West. Neither is China for that matter. (This is realpolitik, we don't have the luxury of innocence.)

I'm glad you mention the fact that there is a global cyberwar. The types of operations seen in the global cyberwar thus far are for the most part very different from the kind we saw at SONY. Some of the stuff SEA did was similar in kind, but didn't see as much blatant destruction. I've read several global cyberpolicy recommendations and all of them recommend against the type of vicious and overtly destructive activity demonstrated by the SONY hacks (all of the papers I have read are about US cyberpolicy).

You take a group of critical thinkers and expose them to a topic that many are experts in and they'll focus principally on fact rather than opinion. At the moment the released facts don't necessarily report the widely reported conclusion. It's of course possible that more compelling evidence exists but hasn't been disclosed. At that point it's a "just trust us" sort of argument though and I don't find it too surprising that the situation invites skepticism.
The government has worn out goodwill for "just trust us." If you want the ability to be able to use the "just trust us" card, you have to prove yourself trustworthy and with the amount that's coming to light recently about the level of deceit within their ranks, that card has gone. They now need to have full disclosure to win back that goodwill. They can't have their cake and eat it too.
The government has no credibility anymore, conspiracy theories aside. This is the real problem. Even if they are telling the truth, nobody believes them.
US Government only had credibility in the 40s, when the office of censorship stamped out anti-war propaganda and the DoD spent millions (billions in today's money) on Pro-War propaganda.

The trend continued in the 50s and 60s with McCarthyism being a "soft censor". It wasn't technically illegal to talk about Communism or other governments... but if you did, you'd probably lose your job.

We've got freer speech today compared to back then. So naturally, anti-government claims are going to be louder today than ever before.

At least we used to just call it the Department of War.

It was much more honest.

> At least we used to just call it the Department of War.

> It was much more honest.

The Department of War was only really analogous to the modern Department of Defense for about a decade from 1789 until 1798 when the Department of the Navy was pulled out to its own department. From 1798 to 1947, the "Department of War" was at least as misleading as the modern Department of Defense, since a whole lot of war was conducted under the auspices of another department (the Department of the Navy.)

Bull.

The 1798 Sedition Act outlawed speech, outlawed prominent authors who were critical to the Adam's administration. Hundreds of dollars in fines and months in prison. (worth a lot in today's money)

The First Amendment was passed in 1791. And only seven years later, the US Government was already censoring its citizens who were critical of the presidency.

The Bill of Rights only has as much power as the people who watch over the government. It was a battle to get the government to recognize our rights in the 1700s, just as much as it is a battle to get them recognized today. Welcome to politics, this sort of thing _never_ changes.

And don't just look at the past with rose-colored lenses. Look at it critically. Politics / government has always been a dirty business.

"Democracy is the worst form of government, except for all others"

May I remind you: the Government (and Media) lied about the USS Maine so that we'd get into the Spanish-American war. "Remember the Maine, to Hell with Spain". We also lied about a number of facts in WW2, but fortunately history proved that we were in the moral right to do so in that war.

The US Population is far wiser and smarter today. The difference is that we're no longer ignorant to blatant lies from our government. So I'd argue that today's government is more honest than our ancestors / forefathers even.

I hate to feed conspiracy theories, but with the focus on state sponsored cyber security threats, we completely forget that corporate sponsored threats are equally potent.

Every time there's an attack on intellectual property of Western companies, fingers are raised straight to state sponsored groups in China and Russia. It's bewildering to me that privately sponsored attacks are hardly considered seriously.

With the Sony attack we have been focusing on the movie, while the movie could've been just an excuse for an attack that was aimed to financially dismantle Sony, which it did.

Many corporations in China and Russia are state-sponsored. The whole communist / socialist thing blends government and corporations in a way that is alien to the typical US Citizen.

    With the Sony attack we have been focusing on the
    movie, while the movie could've been just an excuse 
    for an attack that was aimed to financially dismantle
    Sony, which it did.*
But they didn't attack Sony proper. If they attacked Sony and stole the tech to PS4 something, then it'd probably be China or Russia.

But these guys attacked Sony Pictures Entertainment... not just any part of Sony. The scope of the hack IIRC doesn't go any further out than Sony's Hollywood branch. Frankly, there aren't any corporations in the world who actually care about a (probably) awful movie being made at some studio. And the Chinese corporations that make movies are distinctly not competing against Sony Pictures.

Sony Pictures Entertainment is the parent company of "Columbia Pictures" and "MGM". Tell me, who the hell would attack "Columbia Pictures" ??

North Korea said in June that The Interview was a "wanton act of terror" and promised "merciless" retaliation if it was released. Said it was an "act of war" and "is absolutely intolerable"

http://time.com/2921071/kim-jong-un-seth-rogen-the-interview...

Edit: In July they made a complaint to the UN about the film, saying: "To allow the production and distribution of such a film on the assassination of an incumbent head of a sovereign state should be regarded as the most undisguised sponsoring of terrorism as well as an act of war," http://www.theguardian.com/film/2014/jul/10/north-korea-un-t...

<sarcasm>I'm sure they had nothing to do with what happened to Sony</s>

How do you square this with the fact that NK makes empty threats all of the time?
They have thousands of pieces of artillery pointed at Seoul and have nuclear weapons. Every couple months they shell the S Korean side or a S Korean ship or kidnap someone.

They may not have started WWIII, but they do act out violently. They are not all talk, unfortunately.

Right but they still make plenty of empty threats especially on a global scale. Nor have their threats to use many of the artillery they have pointed toward South Korea (including nuclear arms) been fulfilled.

Of course North Korea and South Korea have violent exchange. They are countries founded by settling down opposing armies on a border neither thinks is fair. I do not see how this 'squares' the fact that they are known for making empty threats?

Their empty threats are empty because they're either incapable of carrying them out, or don't want the consequences of doing so.

They don't invade the South because they know they'd lose. They don't turn the US into a lake of fire because they're unable to do so.

But hacking an entertainment company is within their means, and the consequences are not too bad.

The fact that they sometimes threaten things they can't do adds no information to the question of whether they did this thing.

> The fact that they sometimes threaten things they can't do adds no information to the question of whether they did this thing.

I think it does. I think it calls into question that when NK makes a threat, we can't just assume that they're going to follow up on it. That is, their making a threat adds no information to the question of whether they did this thing. And that's my point. OP argues that since they made a threat we can eat dessert and wash our hands.

Great find.

EVERYONE - we found the guilty party; they had motive.

No other parties could possibly also have had motive (and motive===guilt), so we can stop looking now.</s>

You seem to be in need of this: http://www.merriam-webster.com/dictionary/motive

motive: something (as a need or desire) that causes a person to act

There is a difference between a motive and stating you intend to take an action.

North Korea has a motive AND has publicly stated they intend to take action. They should not be surprised if they are the prime suspect when that action occurs.

> You seem to be in need of this: http://www.merriam-webster.com/

Wow, thanks! Bookmarked.

> There is a difference between a motive and stating you intend to take an action.

Barely. You've made your motive public and added a threat on top of that.

> North Korea has a motive AND has publicly stated they intend to take action.

NK has a long history of threatening everyone and their mothers with doom and gloom and nuclear boom, and we're all still here (i.e. they rarely follow through).

But even then - let's look into the threat a bit, shall we? I can't actually find the original source, best I could do (I gotta run - apologies) is:

> "If the US administration allows and defends the showing of the film, a merciless counter-measure will be taken," the spokesman was quoted as saying. [1]

So, their merciless counter-measure, that they vowed to on a world stage, was in fact:

"We'll pay someone to hack Sony, then deny it"

..? Really? (Let alone that the original threat was obviously aimed at the US administration).

[1] http://www.bbc.co.uk/news/world-asia-28014069

PS: Back in June, Rogen responded on Twitter: "People don't usually wanna kill me for one of my movies until after they've paid 12 bucks for it.". That's exactly what I would do.

> Wow, thanks! Bookmarked.

You're welcome (I can tell that's not sarcasm, since it doesn't have any sarcasm tags ;)

> "We'll pay someone to hack Sony, then deny it"

NK doesn't always admit to things they do. They denied kidnapping japanese citizens for 25 years, until they admitted it 2002.

The Cheonan was sunk by an NK torpedo.. NK denies it.. but an international investigation said NK sunk it.. condemned by the UN security council. (later a defector from NK said the crew that sank it were honored as heros.)

Assuming NK to act rational is sometimes asking for too much.

So let me get this straight. The North Korean government publicly warns that the release of The Interview will cause dire consequences. Shortly before the release of the film, said dire consequences occur. The moment the movie is pulled, all of a sudden the consequences stop. Right, that doesn't sound like NK was involved at all.

The real question is: why are these "experts" - including some here on HN - taking such extreme and unfounded positions on this? I think it's quite likely that they didn't do the hacking themslves. Perhaps they paid members of Lulzsec to do this on their behalf. But to deny that NK is behind this is absurd and makes the whole security community look crazier than Kim Jong-Un.

> including some here on HN - taking such extreme and unfounded positions on this? I think it's quite likely that they didn't do the hacking themslves. Perhaps they paid members of Lulzsec to do this...

I'm struggling to see how you don't see the irony or hypocrisy in what you are saying.

? All I said was that I don't know who actually carried it out, but it's pretty obvious that it served NK's interests.
No, you said "But to deny that NK is behind this is absurd and makes the whole security community look crazier than Kim Jong-Un"
(comment deleted)
My understanding is that the movie was not once mentioned by the hacker(s) or the victim (Sony) but rather the first mention of the movie was by a popular American news outlet.

In this context the two narratives of "north korea did it, okay?" and "perhaps one of the 8,000 laid off tech department workers at Sony did it" are easy to understand.

Sony's multiple layoffs of its digital unit workers gave certain employees time to orchestrate this.

And on the cry wolf side, the big 3 American media companies started going down their own rabbit hole of speculation and fear mongering.

Do you remember the last time (if ever) any of these "News Outlets" have rescinded their accusations (especially regarding 'war') after making such strong accusations for so long ?

In this context the two narratives of "north korea did it, okay?" and "perhaps one of the 8,000 laid off tech department workers at Sony did it" are easy to understand.

These two narratives are not mutually exclusive. NK could easily have hired one of these people. I don't know who carried it out but I'm 99% sure I know who is behind it.

I don't know who carried it out but I'm 99% sure I know who is behind it.

And how confident are you that this isn't the Dunning–Kruger effect in action?

I don't see why you are so self-assured in this. As far as I'm concerned, the media circus around this makes the truth completely unknowable.

I'm definitely skeptical that NK is behind it for the simple reason of who benefits from that narrative. Obviously it sounds better for Sony if they were hacked by a rogue state rather than a handful of disgruntled individuals. The media loves a good story and is ecstatic to whip this up into a major political frenzy, dragging in the US government and whomever else they can in order to drive page views. NK wants more than anything to be taken seriously and feared; so even if they deny it you can't see them being too upset about the allegations.

It seems to me interests are aligning in a perfect storm here, and that makes me very very skeptical. That doesn't mean I firmly believe they weren't involved, but just that I don't think we have any reasonable chance of getting at the truth.

The initial contact with Sony did not make any mention of the movie, and was more like an extortion attempted related to the lifting of data through Sonys less than optimal security.

Then talk came up of it being related to the movie (in the Press, or from Sony), and unsurprisingly, the next contacts suggested that the movie had something to do with it.

The original group also seems to have said that they did not send threats to Sony employees after the docs were uploaded, and the contact to the movie theaters was different than that to Sony.

Unfounded basis? Possibly, but no more unfounded than the assumptions being made, which basically amount to "Last saturday, a black Ford Fiesta was involved in a bank robbery, driven by a guy wearing black pants and a blue top. Today, I saw a black Ford Fiesta with a guy wearing black pants and a blue top, he must be going to rob a bank".

Fairly nice timeline here https://np.reddit.com/r/worldnews/comments/2puo8h/bittorrent...

Source for the original email, a plain extortion http://mashable.com/2014/12/08/hackers-emailed-sony-execs/

Other sources for skeptical views: http://www.tomsguide.com/us/sony-hack-skeptics,news-20037.ht... http://www.wired.com/2014/12/evidence-of-north-korea-hack-is...

The original group deny the threats: http://recode.net/2014/12/08/sony-hacker-leaks-more-internal...

The alleged initial group also says here it is not about the movie: http://www.csoonline.com/article/2853893/disaster-recovery/f...

My reading of it is that it is not 1 attack, but several different ones (no surprise given Sonys crappy security), and people are assuming it is all one group, and taking the first option given to be the actual one, as, let's face it, the group behind it is unlikely to ever be caught, and during this whole thing, since Sony bought up the fact they thought it was about the movie, NK has been low hanging fruit as an obvious choice.

The dire consequences include the release by the hackers of the exact bit of video that NK is claiming they never want released.

Now that is absurd.

> The North Korean government publicly warns that the release of The Interview will cause dire consequences.

They say that about a lot of things.

> Shortly before the release of the film, said dire consequences occur.

No, it did not. The Sony hack does not meet any definition of "dire" nor a specific event aforementioned by NK.

> The moment the movie is pulled, all of a sudden the consequences stop.

Nothing started, nothing stopped. So I guess you're kinda right? Either way, this stop posting drivel.

The politico-medial complex told you that North Korea was the culprit. Believe it, immediately!
At the moment that I'm writing, not one of the ten highest-ranked comments here addresses any of the technical detail or substance in the counterarguments which white hat experts have raised.

Bruce Schneier is one of these skeptical experts.

http://motherboard.vice.com/read/the-best-thing-we-can-do-ab...

The IP address blog post by Dr Krypt3ia makes the FBI look silly beyond words.

http://krypt3ia.wordpress.com/2014/12/20/fauxtribution/

The Marc Rogers post makes a lot of sense to me.

http://marcrogers.org/2014/12/21/why-i-still-dont-think-its-...

I remember a time when a discussion like this on Hacker News would have concerned itself with the technical details of the analysis, in an honest attempt to discern the truth of the matter, rather than a bunch of opinionated political rambling, and although that was a very long time ago, I still consider that type of discussion more worth our time here.

On the other hand, Hacker News commenters have been complaining about the dropping quality of Hacker News comments since soon after Hacker New started.
"Remember the Maine! To hell with Spain!"

The US has been seeking a tangible threat in cyberterrorism for years. Anonymous is too ethereal and China is too big of a sleeping dragon for them to poke. Enter a hack loosely tied to a movie about North Korea and BINGO; you have an enemy to fight on the cyberfront.

It is much, much more likely that the FBI is pointing the finger at North Korea in the interim while they actually try and figure out who did this. The reasons are many:

* It might make the investigation easier if the culprits think that the FBI is looking at NK and thus are less careful than they might otherwise be.

* NK is an easy scapegoat. If the reality is that the perpetrators cannot be uncovered, the FBI looks more competent by pointing the finger (unprovably) at NK than saying "We have no idea."

* The FBI doesn't care if NK actually did it. If they can merely tangentially prove that NK was involved, it prevents a massive security breach from being an unsolved crime. To have a breach the size of Sony's remain unsolved would bolster every would-be hacker in the world.

I take it that most of the people commenting on the issue in the submitted article, and most of the people commenting on the issue here on Hacker News, have visited the United States. All of us can read and write English. But how many of those people have ever been to north Korea, or even to south Korea? How many can read Korean and regularly follow the Korean-language press from both sides of the demilitarized zone, or regularly have conversations with Korean friends? Applying critical thinking to a complicated issue usually requires domain-specific knowledge. One part of the domain-specific knowledge here is knowledge of methods of unauthorized access to computer networks and computer security measures, which many Hacker News participants have. But another part of the domain-specific knowledge needed to size up the disputed issues in this case is knowledge of Korean internal politics, and I think that very few Hacker News participants have that knowledge or even attempt to gain it.

AFTER EDIT: Someone's silent disagreement with my comment is evidence as I type in this edit. On my part, I'd be glad to hear from people who have all of the relevant forms of information about what happened recently to Sony and about how various governments have responded to that before making up my mind. So please join in the thoughtful discussion here if you have knowledge of the geopolitics involved or of other issues I didn't even bring up above. What's most persuasive in any discussion is actual evidence, and thoughtful discussion of evidence from reliable sources is what I like best about Hacker News.